php -- input validation error in safe_mode

Details

VuXML ID: ee6fa2bd-406a-11dd-936a-0015af872849
Discovery: 2008-06-17
Entry: 2008-06-22
Modified: 2008-09-04

According to Maksymilian Arciemowicz's research,
it is possible to bypass the security restrictions
of safe_mode in various functions via a directory
traversal vulnerability. An attacker can use this
attack to gain access to sensitive information.
Functions utilizing expand_filepath() may be affected.

It should be noted that this vulnerability is not
considered to be serious by the FreeBSD Security Team,
since safe_mode and open_basedir
are insecure by design and should not be relied upon.